I can agree they're most likely probes rather than attacks (of course a probe that finds a weekness becomes an attack..) can't the logging level just be turned down? Not quite as safe, but could get you to the content you need to deal with quicker? Perhaps split the logging into two separate logs, emergency and warning levels? Just abstract thought...I have no idea how to accomplish either suggestion? On Tue, 2005-01-25 at 11:32 -0600, Thomas Cameron wrote: > On Tue, 2005-01-25 at 17:27 +0000, Robert Slade wrote: > > Hiya, > > > > I'm using FC2 and my Web Server keeps getting attacked by from a number > > of sources (Korea, China, France) which is filling the logs up with > > rubbish. I have been adding the IP addresses to IPtables, but it is a > > bit of a pain to keep doing this as there are quite a few attacks from > > different IPs. Is there an easy way of doing this? I'm thinking of > > setting up a rule in Iptables to point to a file which I can easily add > > the IP addresses that I need to block. Is this possible and what would > > be the syntax? > > > > Thanks > > > > Rob > > I tried this years ago, and quickly found that I could never keep up. > These "attacks" (usually more probes than outright attacks) come from > all over the globe. > > Me personally, I just live with the log entries. > > Thomas >
